Why does the FBI need Apple to crack into the San Bernardino shooters' phones?

Encryption is simple. Security is not. The reason for that is because encryption is just math, but security involves people, who are often stupid.

Isn’t there someone at the factory who can look at the hardware and see a hole?

Add me to the “This is the BIG CASE which will have massive public support to break encryption forever”.
Didn’t NSA try to DEMAND the passcodes for every device? IIRC, they lost the battle that time. This time, they can point to a real terrorist and say “National Security!”.
Please look at the “Patriot Act” and the “extra-legal” crap W got away with after 9/1/2001.

Nor me.

This is the big inversion in technology we have with modern computers and consumer devices.

The iPhone cost many hundreds of millions to develop. Apple have more staff than the NSA, probably bigger development budgets, pay better, and make hundreds of millions of devices to pay for it all. And they have the mathematics on their side. This is not a simple consumer level security device. It is about as sophisticated as it gets. But because they make them in the tens of millions they cost cents. If you wanted one, it would cost many many millions. An iPhone is not a “simple consumer device”. It is an astoundingly complex device that 20 years ago would have been science fiction. It distils down the last 60 years of computer design into a microcosm of its own.

Because the credit card companies are idiots. They are so concerned with not disrupting the status quo of ease of use that they resist even the most basic of changes to what is essentially an almost useless security model. The iPhone security protects the Apple Pay system. This system is one of the reasons Apple are so protective of the system. That has a level of security that makes credit cards look utterly stone age.

Worth saying, computer security isn’t simple or easy. The mathematics behind the various encryption mechanisms used is not obvious. A lot of foolish people have thought that rolling their own security mechanisms would be a good idea. It never works out well. There are deep nuances that need to be understood in order to ensure that there is end to end security. Exploits to break security continue to be discovered, and usually present exploit possibilities against companies that understand those nuances. You only need one crack for the whole edifice to fail. It is quite possible there are exploitable holes in Apple’s system. But if you read the technical description, you cannot fail to be impressed at the thoroughness of the design.

Sigh. :smack: Ironically sent on my iPhone. Sodding spell checker. And small screen.

The newer phones have a backdoor access to the flash memory controller that allows them to directly address the memory blocks, and ensure they really are erased. Normal access goes via the wear levelling system, which can result in blocks being retired that contain critical data, even when you thought you had overwritten it.

The iPhone 5c is before this, so it isn’t clear how it manages. But the important point remains. There is a single copy of a component of the key generation process that once gone renders anything encrypted with those keys, unencryptable forever.

The key point is that the iCloud backup is not a backup of your data, it is a backup of that iPhone’s data. Only that iPhone has the ability to decrypt it. That phone can provide a key that allows another device access to that data, but it must be asked to do so, and authorised by its user to do so. If you brick the phone, the backed-up data is rendered useless.

I don’t belong to the tech community, and this thought immediately crossed my mind. Call me a paranoid conspiracy theorist.

Much better conspiracy theory is that Apple have long since installed backdoors into all the phones and this is a way of publicly reassuring the bad guys that they really can continue to use iPhones with total security.

Of course once any capability to break the phone’s security became known about, it loses its value dramatically. The NSA are probably praying that Apple win this one.

From an international perspective, Apple has to prove its trustworthiness and the integrity of their products. It is very clear that once the FBI (a US government agency) has been granted access, so has the US government as a whole. They can and will use this capability to spy on everybody, hostile foreign governments, allies, companies, organizations, individuals all over the world.

With the terrorists dead, why is it so important to get into the phone? Don’t they have the metadata of who he communicated with?

If this is possible without somehow breaking some of the hardware built-in security in iPhone 5C, it could still be a bear.

Without the custom software from Apple to change the PIN delay this could still take years. After the 6th failed attempt you’re locked out for 1 minute, after the 7th 5 minutes, after the 8th 15 minutes, after the 9th 1 hour. I believe if you don’t have the wipe device option turned on, the attempt timer stays at 1 hour forever after that. So realistically depending on how quickly you can reload the phone’s data like you’re suggesting you will probably do 8 attempts then revert the phone, as it’s probably not worth the 15 minute then 1 hour lockout wait times.

Part of what the FBI is asking for in the firmware is also getting the “try time” on all PIN attempts down to only an 80ms delay (this delay is actually part of the key derivation function so can’t go lower), the built in delay is a little longer than that on the “normal phone”, and without special firmware a person or some sort of device designed to touch the screen automatically will have to input the PIN. Just assuming you get 8 PIN attempts every 15 minutes, that’s 768 attempts a day and a max time to unlock of 13 days (with a probability of hitting the number in half that time), which isn’t too bad. But that assumes a 4 digit PIN–no one knows for sure the length of Farook’s PIN. In iOS 9, Apple actually recommends when you set up your phone’s PIN to use a 6 digit PIN (but a lot of people who have used earlier versions of iPhone and are used to using a 4 digit PIN just disregard this and keep the same 4 digit PIN they used on earlier phones.)

With a 6 digit PIN only able to run 768 attempts per day, you’re looking at 3.5 years maximum time to break it, with a probability of hitting the number in half that time. The FBI doesn’t want it to take 1.5 years of constantly loading/reloading the device like you suggest to unlock one phone. Plus, iPhones do break/wear out, who knows what the effect of this activity might have on the phone and it could eventually cause failure of a key part of the phone’s hardware that would basically make it impossible to continue.

Since the firmware being asked for by the FBI would make it so they can automatically slam numbers in at a rate of 12 per second (the 80ms delay is as low as they can get), they’d hit over 1m combinations in less than a day.

Getting a little out of GQ territory but the rumor mill suggests they were able to unlock Farook’s phone and DOJ is just choosing this as a case to set a precedent. This isn’t impossible to believe, a lot of people use: their birthday, spouse’s birthday, bank PIN, etc as a PIN code in a 4 digit scheme. It’s possible law enforcement was willing to burn 7-8 PIN attempts using that information and one of them worked.
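Added example, not part of the original thread: a small Python model of the timing figures quoted in the post above (the escalating lockout schedule, 8 attempts per 15 minutes, and 80 ms per attempt), showing how long each passcode length holds out under each rate. The function names and the six-character alphanumeric row are assumptions that go beyond the post.

```python
# Added example: every constant below is a figure quoted in the post.
KDF_SECONDS = 0.08                           # per-attempt key-derivation delay
LOCKOUT_AFTER = {6: 60, 7: 5 * 60, 8: 15 * 60}  # seconds, keyed by failed-attempt count
LOCKOUT_CAP = 60 * 60                        # 9th failure onward; poster's belief, taken as given
DAY = 86_400


def lockout_after(failed_attempts: int) -> int:
    """Seconds of lockout imposed after this many consecutive failures."""
    if failed_attempts < 6:
        return 0
    return LOCKOUT_AFTER.get(failed_attempts, LOCKOUT_CAP)


def days_stock_lockout(keyspace: int) -> float:
    """Worst case on unmodified firmware when the failure counter never resets."""
    fails = keyspace - 1                     # the last guess succeeds, no lockout follows
    escalating = sum(lockout_after(n) for n in range(1, min(fails, 8) + 1))
    capped = max(fails - 8, 0) * LOCKOUT_CAP  # closed form, avoids looping over the keyspace
    return (escalating + capped + keyspace * KDF_SECONDS) / DAY


def days_at_rate(keyspace: int, attempts: int, per_seconds: int) -> float:
    """Worst case at a fixed rate, e.g. the post's 8 attempts per 15 minutes."""
    return keyspace / attempts * per_seconds / DAY


def days_kdf_only(keyspace: int) -> float:
    """Worst case when only the 80 ms key-derivation delay remains."""
    return keyspace * KDF_SECONDS / DAY


POLICIES = {
    "4-digit PIN": 10 ** 4,
    "6-digit PIN": 10 ** 6,
    "6-char lowercase+digits": 36 ** 6,      # assumption: not discussed in the post
}


def compare() -> dict:
    """Worst-case days per policy: (stock lockout, 8 per 15 min, 80 ms only)."""
    return {name: (days_stock_lockout(k), days_at_rate(k, 8, 900), days_kdf_only(k))
            for name, k in POLICIES.items()}


if __name__ == "__main__":
    for name, (stock, cycle, kdf) in compare().items():
        print(f"{name:24} stock={stock:12.1f}d  8/15min={cycle:11.1f}d  80ms={kdf:8.2f}d")
```

With only the 80 ms delay left, a 6-digit PIN lasts under a day, while the six-character alphanumeric passcode still takes more than five years in the worst case.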

Here’s an article at Slate pointing out the oddities of what the FBI is doing.

It really does appear to be a toe-in-the-door attempt by the Feds to force all sorts of backdoors and such into consumer devices.

One of the oddest things about the story: Somehow the password on the phone got changed after the FBI had it in their possession. If that hadn’t happened, there wouldn’t be an issue to discuss.

The password on the phone didn’t get changed.

So, iCloud is Apple’s backup cloud service for iDevices (I think you can put other stuff on there using the PC/Mac clients as well.) Under very long standing precedents, data like that which Apple has on its systems is the valid target of ordinary search warrants. And cloud providers and service providers in general have long complied with such warrants (they really have no choice–they have physical possession of something that is the target of a search warrant, a very different situation from Farook’s iPhone.)

However, Farook’s iPhone hadn’t backed up to iCloud for six weeks prior to the shooting. What the FBI wants is the data on the phone that it doesn’t have access to through iCloud because the last six weeks isn’t on iCloud.

Now, as an owner of iDevices I can tell you that iCloud automatic backups can be spotty if you don’t keep your device plugged in a lot and connected to a known WiFi network. Farook’s backup history had been spotty beforehand, maybe because he had automatic backups turned off, but also possibly because maybe he doesn’t connect his phone to his home WiFi (or doesn’t have home WiFi) so maybe there are only limited areas where the plugged in + known WiFi scenario occurs. As I can attest from my iPad which is often not plugged in, sometimes many weeks can pass between backups because not only does it have to be plugged in and connected to a known WiFi network, it has to be plugged in for x amount of time before it’ll do an iCloud backup. I know this is the case because just occasionally plugging my iPad in and using it lightly, I’ve ended up going weeks and weeks with no iCloud backup (and the device will warn you of this periodically.)

So as a potential way to help the FBI, Apple suggested they take Farook’s device and plug it into a power outlet at his office, reasoning that it will auto-connect to his work’s WiFi, and while plugged into power, eventually do an iCloud automatic update.

But, right before this could happen someone changed his iCloud password, not his iPhone PIN. But since the password stored on the iPhone is now wrong, his iPhone can now not sync with iCloud–it’s prompting for him to enter the correct password, which he can’t do because he’s dead and no one else can do because they don’t know his PIN to get onto his phone and change the phone’s stored iCloud password.

If the person who changed his iCloud password (after Farook had been dead for a while) knew his previous password they could set it back to that and the iPhone could probably sync, but it’s unclear now who changed it and unclear if they knew his original iCloud password.

There should only be two ways to change the iCloud password: By either knowing the original, or by using the “Forgot your password?” option most services have, which usually changes it to a random string and e-mails it to the e-mail address they have on file for the owner. If the latter, then the FBI should be able to get their hands on that e-mail, and might also be able to track down who uses that address (at worst, they could probably subpoena the e-mail service provider to find out what IP addresses accessed that account when, and then subpoena the ISPs corresponding to those IP addresses to find customer information for those IPs at those times).

Is this really true? If so, it makes the vaunted iCloud backup far less useful for those of us who aren’t terrorists, drug dealers, or pedophiles.

ISTM that many of the most likely circumstances in which most people would need to access a backup would entail not having access to the phone in working order: lost, stolen, dropped in the ocean, run over by a truck, or put in the microwave by a toddler. In these circumstances is the backed up data also lost, or is there another option if the phone is destroyed but not specifically bricked?

If not, I have to set up a separate backup system for my wife’s iPhone 6.

Okay, a quick search shows that (as I should have realized) it is obviously possible to restore an iCloud backup from a lost or destroyed iPhone to a replacement. So, Francis Vaughan, could you explain how that relates to the passage of yours I quoted?

Right. Certainly there must be a way to recover your code if you forget it

Ah, no. It is more complex. You can set a password on your iCloud backups. The phone knows the iCloud encryption key and re-encrypts the set of encryption keys used with the data (known as a key-bag) with it. This key is protected internally by the phone’s security mechanisms, so it can make backups. If you don’t have a password on the iCloud backups the keychain remains encrypted anyway within the backup. Apple notes that the backups are subject to large scale parallel brute-force attack. The keychain is what is protected as I described.

The gory details are here.

Keep in mind iCloud backs up devices themselves but also files, you don’t need the device specific PIN for a lot of iCloud data because it’s uploaded as content (photos, contacts etc.) Depending on what else he had, some stuff like iMessage text messages also get “shared” to other devices (like Mac computers) so it’s possible the government has access to some of that as well depending on what they’ve recovered.

My thought was it would be fairly easy for Apple to build in a hardware bypass, known only to a handful of engineers that they could use in situations like this. By creating jumpers between a dozen specified pins, perhaps even doing so in a way that requires damaging the phone otherwise. Example having a contact that is under something that would need to be cut/ground off and would cripple the video but allow access to the file system (thus of trivial use to thieves).

Present day laptops have similar methods (jumpers) for breaking BIOS passwords (you can’t just pull the battery these days)